测试版 Shoulder 目前处于测试阶段 — 结果有时可能不正确。您的反馈塑造我们接下来要修复的内容。 分享反馈
Shoulder.dev

开发者威胁情报
📤

Unrestricted Upload of File with Dangerous Type

🛡️ 3 条规则检测到此问题

Unrestricted Upload of File with Dangerous Type

The product allows the upload of files without properly validating the file type, which can lead to execution of malicious code.

When users can upload files without restriction, attackers may upload executable files, scripts, or other dangerous content that can be executed by the server or other users.

普遍性
频繁被利用
影响
3 条严重级别为高的规则
预防
已记录
3 个修复示例
2 预防
2 预防

如何修复此漏洞

基于 3 条 Shoulder 检测规则的 Unrestricted File Upload 预防策略。

🐹 Go 查看全部 Go 详情 →
Unsafe File Upload HIGH

Validate file type, enforce size limits, and use generated filenames for uploads

+15 -3 go 
  func upload(w http.ResponseWriter, r *http.Request) {
-     file, header, _ := r.FormFile("file")
-     defer file.Close()
-     dst, _ := os.Create("/var/www/uploads/" + header.Filename)
+     r.Body = http.MaxBytesReader(w, r.Body, 10*1024*1024)
+     file, header, err := r.FormFile("file")
+     if err != nil {
+         http.Error(w, "Invalid file", 400)
+         return
+     }
+     defer file.Close()
+     ext := filepath.Ext(header.Filename)
+     allowed := map[string]bool{".jpg": true, ".png": true, ".pdf": true}
+     if !allowed[ext] {
+         http.Error(w, "File type not allowed", 400)
+         return
+     }
+     safeFilename := uuid.New().String() + ext
+     dst, _ := os.Create(filepath.Join("/var/uploads", safeFilename))
      defer dst.Close()
      io.Copy(dst, file)
  }
🟨 JavaScript 查看全部 JavaScript 详情 →
Unrestricted File Upload HIGH

Add fileFilter to multer to validate uploaded file types

+11 -1 javascript 
- const upload = multer({ dest: 'uploads/' });
+ const upload = multer({
+   dest: 'uploads/',
+   fileFilter: (req, file, cb) => {
+     const allowed = ['image/jpeg', 'image/png', 'image/gif'];
+     if (allowed.includes(file.mimetype)) {
+       cb(null, true);
+     } else {
+       cb(new Error('Invalid file type'), false);
+     }
+   }
+ });
  app.post('/upload', upload.single('file'), handler);
🐍 Python 查看全部 Python 详情 →
Insecure File Upload HIGH

Validate file extension, MIME type, and size; use secure_filename() for paths

+14 -7 python 
- from flask import request
- 
- @app.route('/upload', methods=['POST'])
- def upload():
-     file = request.files['file']
-     file.save(f'uploads/{file.filename}')
-     return {'status': 'uploaded'}
+ from flask import request, jsonify
+ from werkzeug.utils import secure_filename
+ 
+ ALLOWED = {'png', 'jpg', 'pdf'}
+ 
+ @app.route('/upload', methods=['POST'])
+ def upload():
+     file = request.files['file']
+     ext = file.filename.rsplit('.', 1)[-1].lower()
+     if ext not in ALLOWED:
+         return jsonify({'error': 'Invalid type'}), 400
+     filename = secure_filename(file.filename)
+     file.save(f'uploads/{filename}')
+     return jsonify({'filename': filename})
4 警告信号
4 警告信号

代码审查中需要关注的内容

这些模式表明潜在的Unrestricted Upload of File with Dangerous Type漏洞。在代码审查和安全审计中注意查找。

🟠
File upload lacks proper validation go-unsafe-file-upload
🟠
Multer middleware at ... lacks fileFilter validation javascript-file-upload-validation
🟠
multer file upload middleware used without proper fileFilter validation javascript-file-upload-validation
🟠
file uploads without proper validation of file type, size, or content python-insecure-file-upload
🔍

扫描你的代码库: Unrestricted Upload of File with Dangerous Type

Shoulder CLI 在整个代码库中找到易受攻击的模式。

npx shoulder trust 浏览所有规则